Some questions with reversing asm via ida

carpoa · June 2, 2024

Got a few questions, Still new to decompiling stuff and reversing so yeah.

I will list them below.

1.

When I am reversing a function and it calls the CityBalance$$GetUpgradePrice then (I am guessing) it stores the returned value in D8 from D0 right?

2.

When decompiling functions I sometimes see var_whateverhere = 0xwhateverHere but it isnt a field offset of anykind, what do they do and how can I understand them? (I included some of the start asm of that function to help you understand if needed)

3.

When wanting to hook onto functions, to modify the field offset (in this case we will use 0x10 = int Coins) would I do something like FunctionOffset + 0x10 to get the fieldoffest variable to then read/write toward that pointed to object?

Like I said I am still new to decompiling stuff and reversing, please excuse me if this is easy for you.

Theo1357 · June 2, 2024

1. Yes
2. I gusse it is offset in stack, skip it
3. No, you must use pointer class + 0x10

void (*old_PersistentPlayerUpdate)(void* _this) = nil;
void PersistentPlayerUpdate(void* _this) {
old_PersistentPlayerUpdate(_this);
if ([menu isSwitchWithIdentifierActive:@"currency"]) {
void *playerData = *(void **)((uint64_t)_this + 0x18);
void *Container = *(void **)((uint64_t)playerData + 0x30);
void *Player = *(void **)((uint64_t)Container + 0x10);
void *player = *(void **)((uint64_t)Player + 0x10);
*(int *)((uint64_t)player + 0x134) = 999999999;
*(int *)((uint64_t)player + 0x138) = 999999999;
*(int *)((uint64_t)player + 0x13C) = 999999999;
*(int *)((uint64_t)player + 0x140) = 999999999;
}
}

MSHookFunction((void *)getRealOffset(APEncryptHex(0x013BE034)), (void *)PersistentPlayerUpdate, (void **)&old_PersistentPlayerUpdate);

carpoa · June 2, 2024

4 minutes ago, tien0246 said:

1. Yes
2. I gusse it is offset in stack, skip it
3. No, you must use pointer class + 0x10

void (*old_PersistentPlayerUpdate)(void* _this) = nil;
void PersistentPlayerUpdate(void* _this) {
old_PersistentPlayerUpdate(_this);
if ([menu isSwitchWithIdentifierActive:@"currency"]) {
void *playerData = *(void **)((uint64_t)_this + 0x18);
void *Container = *(void **)((uint64_t)playerData + 0x30);
void *Player = *(void **)((uint64_t)Container + 0x10);
void *player = *(void **)((uint64_t)Player + 0x10);
*(int *)((uint64_t)player + 0x134) = 999999999;
*(int *)((uint64_t)player + 0x138) = 999999999;
*(int *)((uint64_t)player + 0x13C) = 999999999;
*(int *)((uint64_t)player + 0x140) = 999999999;
}
}

MSHookFunction((void *)getRealOffset(APEncryptHex(0x013BE034)), (void *)PersistentPlayerUpdate, (void **)&old_PersistentPlayerUpdate);

Thank you and thank you alot more for providing a code sample.

carpoa · June 7, 2024

On 6/2/2024 at 9:55 AM, tien0246 said:

3. No, you must use pointer class + 0x10

Just to be 100% sure:

The offset of the class would be the pointer class in this case correct?

So 0x32B87DC + 0x14 (example)

Theo1357 · June 7, 2024

38 minutes ago, carpoa said:

Just to be 100% sure:

The offset of the class would be the pointer class in this case correct?

So 0x32B87DC + 0x14 (example)

Nope, pointer not offset.

If you wanna hack field in ida, try find somewhere like

str w9, [x19, #0x10]
register w9 hold your coin, find at the top somewhere write the value in w9

carpoa · June 7, 2024

1 minute ago, tien0246 said:

Nope, pointer not offset.

If you wanna hack field in ida, try find somewhere like

str w9, [x19, #0x10]
register w9 hold your coin, find at the top somewhere write the value in w9

ic mk. Could you just explain using pointers and getting them please? Thanks for your help :thankyou:

Theo1357 · June 7, 2024

31 minutes ago, carpoa said:

ic mk. Could you just explain using pointers and getting them please? Thanks for your help

On 6/2/2024 at 3:55 PM, tien0246 said:

1. Yes
2. I gusse it is offset in stack, skip it
3. No, you must use pointer class + 0x10

void (*old_PersistentPlayerUpdate)(void* _this) = nil;
void PersistentPlayerUpdate(void* _this) {
old_PersistentPlayerUpdate(_this);
if ([menu isSwitchWithIdentifierActive:@"currency"]) {
void *playerData = *(void **)((uint64_t)_this + 0x18);
void *Container = *(void **)((uint64_t)playerData + 0x30);
void *Player = *(void **)((uint64_t)Container + 0x10);
void *player = *(void **)((uint64_t)Player + 0x10);
*(int *)((uint64_t)player + 0x134) = 999999999;
*(int *)((uint64_t)player + 0x138) = 999999999;
*(int *)((uint64_t)player + 0x13C) = 999999999;
*(int *)((uint64_t)player + 0x140) = 999999999;
}
}

MSHookFunction((void *)getRealOffset(APEncryptHex(0x013BE034)), (void *)PersistentPlayerUpdate, (void **)&old_PersistentPlayerUpdate);

Using hook like it

carpoa · June 7, 2024

3 minutes ago, tien0246 said:

Using hook like it

ohh ok gotcha.

Reading the code I'm assuming _this is the pointer (I guess you could say that) for the class it is within right? I just want to be sure.

Theo1357 · June 7, 2024

9 minutes ago, carpoa said:

ohh ok gotcha.

Reading the code I'm assuming _this is the pointer (I guess you could say that) for the class it is within right? I just want to be sure.

_this is poiter class